fix CVE-2024-1753
(cherry picked from commit 50f80d1d0e03f199b40bbede24bb407fa3383bbe)
parent
81092fc7c2
commit
7daa64cb7d
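--- a/0002-fix-CVE-2024-1753.patch
+++ b/0002-fix-CVE-2024-1753.patch
@@ -0,0 +1,37 @@
+From 6417891690fc0bc85ca4335d7c6ecf8d19ead121 Mon Sep 17 00:00:00 2001
+From: bwzhang <zhangbowei@kylinos.cn>
+Date: Thu, 11 Apr 2024 13:53:33 +0800
+Subject: [PATCH] fix CVE-2024-1753
+
+---
+internal/volumes/volumes.go | 7 ++++++-
+1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/internal/volumes/volumes.go b/internal/volumes/volumes.go
+index f7ac14a..c07c67e 100644
+--- a/internal/volumes/volumes.go
++++ b/internal/volumes/volumes.go
+@@ -11,6 +11,7 @@ import (
+
+"errors"
+
++ "github.com/containers/buildah/copier"
+"github.com/containers/buildah/define"
+"github.com/containers/buildah/internal"
+internalParse "github.com/containers/buildah/internal/parse"
+@@ -189,7 +190,11 @@ func GetBindMount(ctx *types.SystemContext, args []string, contextDir string, st
+// buildkit parity: support absolute path for sources from current build context
+if contextDir != "" {
+// path should be /contextDir/specified path
+- newMount.Source = filepath.Join(contextDir, filepath.Clean(string(filepath.Separator)+newMount.Source))
++ evaluated, err := copier.Eval(contextDir, newMount.Source, copier.EvalOptions{})
++ if err != nil {
++ return newMount, "", err
++ }
++ newMount.Source = evaluated
+} else {
+// looks like its coming from `build run --mount=type=bind` allow using absolute path
+// error out if no source is set
+--
+2.20.1
+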
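Review bot: The comment kept above the new `copier.Eval` call (`// path should be /contextDir/specified path`) still describes the old string join and does not say why the source is now evaluated against contextDir; since this is the line that carries the CVE-2024-1753 fix, I would replace it with something like `// resolve the source with contextDir as the root so that symlinks inside the build context cannot lead the bind mount outside it` (this is my reading of what copier.Eval does with its root argument, so confirm it against the copier package). The error is also returned bare at `return newMount, "", err`; wrapping it, e.g. `fmt.Errorf("evaluating mount source %q: %w", newMount.Source, err)`, would tell the user which `--mount` source was rejected, provided `fmt` is already imported in volumes.go, which the import hunk does not show. The patch touches only volumes.go, so no test with a symlinked source inside the build context comes with it; adding one would keep the containment from regressing. GetBindMount begins and ends outside this hunk, so what later code does with `newMount.Source` between evaluation and the actual mount cannot be checked from here.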
11
buildah.spec
11
buildah.spec
@ -22,7 +22,7 @@
|
||||
|
||||
Name: buildah
|
||||
Version: 1.34.1
|
||||
Release: 2
|
||||
Release: 3
|
||||
Summary: A command line tool used for creating OCI Images
|
||||
License: Apache-2.0 and BSD-2-Clause and BSD-3-Clause and ISC and MIT and MPL-2.0
|
||||
URL: https://%{name}.io
|
||||
@ -30,6 +30,7 @@ Source: %{git0}/archive/refs/tags/v%{version}.tar.gz
|
||||
Source1: https://github.com/cpuguy83/go-md2man/archive/refs/tags/v2.0.2.tar.gz
|
||||
|
||||
Patch0001: 0001-fix-CVE-2024-24786.patch
|
||||
Patch0002: 0002-fix-CVE-2024-1753.patch
|
||||
|
||||
BuildRequires: device-mapper-devel
|
||||
BuildRequires: git-core
|
||||
@ -77,7 +78,7 @@ Requires: git-daemon
|
||||
This package contains system tests for %{name}
|
||||
|
||||
%prep
|
||||
%autosetup -Sgit -n %{name}-%{version}
|
||||
%autosetup -Sgit -n %{name}-%{version} -p1
|
||||
tar -xf %SOURCE1
|
||||
|
||||
%build
|
||||
@ -145,6 +146,12 @@ rm %{buildroot}%{_datadir}/%{name}/test/system/tools/build/*
|
||||
%{_datadir}/%{name}/test
|
||||
|
||||
%changelog
|
||||
* Thu Apr 11 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.34.1-3
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:NA
|
||||
- DESC: fix CVE-2024-1753
|
||||
|
||||
* Wed Apr 10 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.34.1-2
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
|
||||